Help Net Security

Don't miss:

Cisco plugs WPA2 holes, critical Cloud Services Platform flaw

Business suffers as over-zealous security tools block legitimate work

Millions download botnet-building malware from Google Play

Hot stuff

Android malware

Millions download botnet-building malware from Google Play

Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the …

binary

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk …

chess

Using a robust platform for cyber threat analysis training

We have recognised threats coming more regularly from varied origins such as nation-states, hacktivist and cybercriminal actors. Coupled with many new public policies aimed at mitigating the negative effects of data breaches, cyber espionage and intellectual property theft, it’s clear a new ecosystem of cyber threat intelligence sharing is …

now

Why wait to be breached? Three reasons to secure your data now

“I’m working on it.” “We don’t have room in this year’s budget.” “Something else more important came up.” “Well, we’ve not been breached before…” “The risk of it happening is so small and it’s hard to quantify…” These are some of the most common excuses companies give for …

chess

Spotlight

Using a robust platform for cyber threat analysis training

stop

Business suffers as over-zealous security tools block legitimate work

Most security teams utilise a ‘prohibition approach’ – i.e. restricting user access to websites …

binary

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive …

keys

Vulnerability in code library allows attackers to work out private RSA keys

Adobe Flash

Adobe releases emergency fix for Flash Player zero-day exploited in the wild

Expert corner

Using a robust platform for cyber threat analysis training

Joep Gommers CEO at EclecticIQ

Using a robust platform for cyber threat analysis training

Protecting networks from DNS exfiltration

David Williamson CEO at EfficientIP

Protecting networks from DNS exfiltration

iPhone X gets facial authentication, is the enterprise next?

Ryan Zlockie Global VP of Authentication at Entrust Datacard

iPhone X gets facial authentication, is the enterprise next?

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Corey Nachreiner CTO at WatchGuard Technologies

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Navigating GDPR in the mobile enterprise

John Aisien CEO at Blue Cedar

Navigating GDPR in the mobile enterprise

The real cost of alarm fatigue

Tony Rowan Chief Security Consultant at SentinelOne

The real cost of alarm fatigue

What’s the use of a privacy policy?

Raj Samani Chief Scientist at McAfee

What’s the use of a privacy policy?

The security status quo falls short with born-in-the-cloud software

Manish Gupta CEO at ShiftLeft

The security status quo falls short with born-in-the-cloud software

SIEM challenges: Why your security team isn’t receiving valuable insights

Brad Taylor CEO at Proficio

SIEM challenges: Why your security team isn’t receiving valuable insights

We can’t rely on black swans: Three areas to improve cyber policy now

Dr. Andrea Little Limbago Chief Social Scientist at Endgame

We can’t rely on black swans: Three areas to improve cyber policy now

Where does corporate cloud security responsibility begin and service provider responsibility end?

William Hurley AVP Software Lifecycle Services at Astadia

Where does corporate cloud security responsibility begin and service provider responsibility end?

Has healthcare misdiagnosed the cybersecurity problem?

Kevin Magee Global Security Strategist at Gigamon

Has healthcare misdiagnosed the cybersecurity problem?

What's New

Cisco

Cisco plugs WPA2 holes, critical Cloud Services Platform flaw

Cisco has released updates to address vulnerabilities in a wide variety of its products. Among these are updates fixing the WPA2 vulnerabilities that can be exploited in the newly unveiled KRACK attacks, as well as a critical vulnerability …

gap

Another KRACK in the network perimeter

When a high profile vulnerability surfaces that is as far reaching as KRACK, a WPA2 encryption attack to hijack Wi-Fi networks, it’s common to respond impulsively. “Why are people using outdated technologies?” or “Why aren’t people patching …

Terminal

Most organizations don’t have SSH security policies in place

Cybercriminals can abuse SSH keys to secure and automate administrator-to-machine and machine-to-machine access to critical business functions. According to Venafi’s research, even though SSH keys provide the highest levels of administrative …

container

Enterprise container security: There’s room for improvement

With companies such as Facebook, Netflix and Google heralding the use of containers for their agility, portability, and cost benefits – enterprises are following suit. But the introduction of new processes and changes to infrastructure …

stop

Business suffers as over-zealous security tools block legitimate work

Most security teams utilise a ‘prohibition approach’ – i.e. restricting user access to websites and applications – a tactic which is hampering productivity and innovation while creating major frustration for users, according to research …

Android malware

Millions download botnet-building malware from Google Play

Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of …

Reviews

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Don't miss

Cisco

Cisco plugs WPA2 holes, critical Cloud Services Platform flaw

stop

Business suffers as over-zealous security tools block legitimate work

Android malware

Millions download botnet-building malware from Google Play

Google security

Google offers Advanced Protection for high-risk users of its services

Oracle

Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update

binary

The pervasive risk of vulnerable open source components

Businessman juggling

Should non-security functions get more involved in cybersecurity?

keys

Vulnerability in code library allows attackers to work out private RSA keys

tunnel

Are you employees snooping on the corporate network?

Google Chrome

ESET helps Google protect Chrome users from unwanted software

Adobe Flash

Adobe releases emergency fix for Flash Player zero-day exploited in the wild

open source

Companies turn a blind eye to open source risk

Malware news

Millions download botnet-building malware from Google Play

Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of …

ESET helps Google protect Chrome users from unwanted software

Android DoubleLocker ransomware encrypts data, changes device PIN

Compromised analytics provider made Equifax’s site point to malware

Equifax’s site hacked to redirect info-seeking visitors to adware

Privacy news

As GDPR implementation date approaches, cyber risk gets more attention

The upcoming implementation of the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, has elevated cyber risk to the top of the corporate agenda for organizations doing business in Europe. In a new global …

Accenture inadvertently exposes highly sensitive corporate, client data online

Beyond GDPR: Data protection as a competitive advantage

The privacy implications of email tracking

DJI launches privacy mode for drone operators